Concerns about the susceptibility of the Java programming language to cyberattacks culminated Thursday night, with a warning posted on the Department of Homeland Security’s Computer Emergency Readiness Team (US-Cert) calling on the public to temporarily disable Java on their personal computers.

The call came in response to the discovery of a new vulernability that lets an attacker execute code on a PC running Java. The vulnerability is reportedly already being used in “exploit kits” which are pre-packaged, for-sale tool kits that can be used to commit online crimes such as stealing someone’s identity.

“We are currently unaware of a practical solution to this problem,” the posting said. Oracle, which acquired Java when it bought Sun Microsystems in 2010, has not yet issued a security patch for this particular vulnerability.

Security experts have been advising people to disable Java for some time, since it is so commonly targeted by cyber criminals. Last fall, Apple won praise for a Mac update that removed a Java plugin from all Mac-compatible web browsers. “I think that the way they’ve handled Java in the browser was their biggest win in 2012,” Charlie Miller, a former NSA employee turned noted Apple hacker, told Ars Technica.

On Friday, Mozilla announced it was blocking all recent Java plugins from automatically loading in the browser unless a user specifically “clicks to play.”

Turning off Java can be done in a few simple steps, depending on which browsers you use.

Mac owners who use Google Chrome can go to Chrome://plugins and verify that the Java plugin is disabled. If you use Safari, you can choose Safari>Preferences, click security and uncheck the box that says “enable Java.” If you use Firefox, you can choose Tools>Add-ons, search “My add-ons” and disable any Java plugin.

Windows users can find a good guide to turning off Java on KrebsonSecurity.com.

JAVA is some bullsh*t though. Alot of exploits for it. Drive bys and sh*t.

01-12-2013, 11:55 PM

Joined Jul 2006 - away - #5

~ KiLLa KaZi ~

919 to ya d0me !

$4,693 |r 13865033

"US Department of Homeland"

how nice of them....

on another note...fu*k em...

01-13-2013, 03:16 AM

Joined Sep 2005 - away - #6

white-chocolate110

XBL GT: WhitishClay

$11,122 |r POWERFUL

01-13-2013, 07:04 AM

Joined Jun 2010 - away - #7

Sean McDevitt

Priest Of Science

$6,800 |r 15857534

01-13-2013, 07:58 AM

Joined Jul 2009 - away - #8

ImAMonster286

King Of My World

$27,569 |r POWERFUL

You fu*king with the wrong mahfu*kas if you worry about this sh*t lol

01-13-2013, 09:59 AM

Joined Jan 2004 - on now - #9

DIGI99

Black Excellence

$8,579 |r POWERFUL

this was the topic of discussion in my computer forensics and perimeter defense class thursday and yesterday...

01-13-2013, 10:40 AM

Joined Feb 2011 - away - #10

Trolling62

#RocketsLost

$1,858 |r POWERFUL

Originally Posted by <<InphDigi>>

this was the topic of discussion in my computer forensics and perimeter defense class thursday and yesterday...

01-13-2013, 11:04 AM

Joined Apr 2006 - away - #11

Yung Dilla1240

Damn Misses renae..

$43,150 |r POWERFUL

Nah i'll keep my java on thank you

01-13-2013, 11:17 AM

Joined Nov 2005 - away - #12

Gateway97244

Hugh G. Rection

$2,588 |r POWERFUL

While the government has a big brother mentality, not EVERYTHING they do is to take your rights away

01-13-2013, 02:39 PM

Joined Dec 2011 - away - #13

One Gud Cide22

Senior Member

$9,014 |r POWERFUL

inb4dumbfu*ktinfoilbrigade

01-13-2013, 03:32 PM

Joined Jul 2010 - away - #14

Stabbin10118

Lebron Is A f*g**t

$1,586 |r 0

The government spends hundreds of billions of dollars on industries dedicated to shaping our attitudes and beliefs. Across the board academics in all fields agree to this; it is so deeply embedded within us.

01-13-2013, 06:07 PM

Joined Jan 2013 - away - #15

Quest7147

Senior Member

$1,003 |r POWERFUL

Oracle releases software update to fix Java vulnerability.

The update, which is available on Oracle's Web site, fixes a critical vulnerability in Oracle's Java 7 that could allow a remote, unauthenticated attacker to execute arbitrary code. The attack can be induced if someone visits a Web site that's been set up with malicious code to take advantage of the hole.